CVE Tools

phusion

OSS Librariescommercial

10

Cumulative CVEs

5

Monthly snapshots

#65

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting phusion.

CVE-2025-26803The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.5.3Feb 24, 2025
CVE-2012-6135RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.7.5Nov 19, 2019
CVE-2018-12615An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e....5.3Jun 21, 2018
CVE-2018-12029A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently ...7.0Jun 17, 2018
CVE-2018-12028An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitr...7.8Jun 17, 2018
CVE-2018-12027An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process ...8.8Jun 17, 2018
CVE-2018-12026During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning co...9.8Jun 17, 2018
CVE-2017-16355In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the ...4.7Dec 14, 2017
CVE-2016-10345In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.7.8Apr 18, 2017
CVE-2014-1832Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists be...2.1Feb 19, 2015
CVE-2014-1831Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.2.1Feb 19, 2015
CVE-2013-7134Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to co...7.5Apr 29, 2014
CVE-2013-2119Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "confi...4.6Jan 2, 2014
CVE-2013-4136ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on...4.4Sep 30, 2013